Method, apparatus, and system for authorizing remote profile management

ABSTRACT

A method, performed by a user equipment (UE), of controlling a profile is provided. The method includes receiving a remote profile management command regarding a target profile from a profile server, determining whether an enabled profile exists, verifying whether profile owner information of the target profile corresponds to profile owner information or sub-owner information of the enabled profile, based on a result of the determination, and selectively executing the remote profile management command based on a result of the verification.

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application is based on and claims priority under 35 U.S.C. §119(a) of a Korean patent application number 10-2018-0092058, filed on Aug. 7, 2018, in the Korean Intellectual Property Office, and of a Korean patent application number 10-2019-0068808, filed on Jun. 11, 2019, in the Korean Intellectual Property Office, the disclosure of each of which is incorporated by reference herein in its entirety.

BACKGROUND

1. Field

The disclosure relates to a method of managing a profile in a wireless communication system.

2. Description of Related Art

To satisfy soaring demand with respect to wireless data traffic since the commercialization of 4th-generation (4G) communication systems, efforts have been made to develop improved 5th-generation (5G) communication systems or pre-5G communication systems. For this reason, the 5G communication system or the pre-5G communication system is also referred to as a beyond-4G-network communication system or a post-long term evolution (LTE) system. For higher data transmission rates, 5G communication systems are considered to be implemented on ultra-high frequency bands (mmWave), such as 60 GHz. In the 5G communication system, beamforming, massive multi-input multi-output (MIMO), full dimensional MIMO (FD-MIMO), an array antenna, analog beamforming, and large-scale antenna technologies have been discussed to alleviate propagation path loss and to increase a propagation distance in the ultra-high frequency band. For system network improvement, in the 5G communication system, techniques such as an evolved small cell, an advanced small cell, a cloud radio access network (RAN), an ultra-dense network, device to device (D2D) communication, a wireless backhaul, a moving network, cooperative communication, coordinated multi-points (CoMPs), and interference cancellation have been developed. In the 5G system, advanced coding modulation (ACM) schemes including hybrid frequency-shift keying (FSK) and quadrature amplitude modulation (QAM) modulation (FQAM) and sliding window superposition coding (SWSC), and advanced access schemes including filter bank multi carrier (FBMC), non-orthogonal multiple access (NOMA), and sparse code multiple access (SCMA) have been developed.

The Internet, which is a human-oriented connectivity network where humans generate and consume information, is now evolving into the Internet of Things (IoT), where distributed entities exchange and process information. The Internet of Everything (IoE) has also emerged, which is a combination of IoT technology and Big Data processing technology through connection with a cloud server, etc. To meet needs for technology elements, such as sensing technology, wired/wireless communication and network infrastructure, service interface technology, and security technology, for IoT implementation, a sensor network, machine to machine (M2M), machine type communication (MTC), and so forth have been recently researched for connection between things. Such an IoT environment may provide intelligent Internet technology (IT) services that create a new value to human life by collecting and analyzing data generated among connected things. IoT may be applied to a variety of fields including smart homes, smart buildings, smart cities, smart cars or connected cars, smart grids, health care, smart appliances, advanced medical services, and so forth through convergence and combination between existing IT and various industries.

Thus, various attempts have been made to apply 5G communication systems to IoT networks. For example, 5G communication technology such as a sensor network, M2M, MTC, etc., has been implemented by a scheme such as beamforming, MIMO, an array antenna, and so forth. Application of the cloud RAN as the Big Data processing technology may also be an example of convergence of the 5G technology and the IoT technology.

As described above, various services may be provided along with development of a mobile communication system, thus necessitating a way to effectively provide such services.

The above information is presented as background information only to assist with an understanding of the disclosure. No determination has been made, and no assertion is made, as to whether any of the above might be applicable as prior art with regard to the disclosure.

SUMMARY

Aspects of the disclosure are to address at least the above-mentioned problems and/or disadvantages and to provide at least the advantages described below. Accordingly, an aspect of the disclosure is to provide a method and apparatus for effectively providing a service in a mobile communication system.

Additional aspects will be set forth in part in the description which follows and, in part, will be apparent from the description, or may be learned by practice of the presented embodiments.

In accordance with an aspect of the disclosure a method, performed by a user equipment (UE), of controlling a profile is provided. The method includes receiving a remote profile management command regarding a target profile from a profile server, determining whether an enabled profile exists, verifying whether profile owner information of the target profile corresponds to profile owner information or sub-owner information of the enabled profile, based on a result of the determination, and selectively executing the remote profile management command based on a result of the verification.

The sub-owner information may include information of a profile owner capable of implicitly disabling the enabled profile.

When the sub-owner information corresponding to the enabled profile does not exist and an owner of the enabled profile and an owner of the target profile are different from each other, the enabled profile may not be capable of being disabled implicitly.

The selectively executing of the remote profile management command based on the result of the verification may include disabling the enabled profile when profile owner information of the target profile corresponds to the profile owner information or the sub-owner information of the enabled profile.

The disabling may include immediately disabling the enabled profile or marking the enabled profile as to be disabled to disable the enabled profile after performing a predetermined operation.

The method may further include enabling the target profile.

The enabling may include immediately enabling the target profile or marking the target profile as to be enabled to enable the target profile after performing a predetermined operation.

The operation may include a refresh operation or a reset operation.

The selectively executing of the remote profile management command based on the result of the verification may include rejecting the remote profile management command when the profile owner information of the target profile does not correspond to the profile owner information or the sub-owner information of the enabled profile.

The method may further include generating an error code indicating profile owner information mismatch.
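The decision flow summarized above can be modeled in a few lines. The following is an added illustration, not code from the disclosure: the class and function names, the result code names, the opaque string form of the owner information, and the handling of the case where no profile is enabled are all assumptions made for the example, and the sample profiles are constructed.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class State(Enum):
    DISABLED = "disabled"
    ENABLED = "enabled"


class Result(Enum):
    OK = "ok"
    UNKNOWN_PROFILE = "unknownProfile"               # hypothetical code name
    PROFILE_OWNER_MISMATCH = "profileOwnerMismatch"  # hypothetical code name


@dataclass
class Profile:
    iccid: str                           # profile ID (constructed sample value)
    owner: str                           # profile owner information, opaque here
    sub_owners: frozenset = frozenset()  # owners allowed to implicitly disable this profile
    state: State = State.DISABLED
    pending: Optional[State] = None      # scheduled state, applied on refresh/reset


class Euicc:
    """Model of a card on which at most one profile is enabled at a time."""

    def __init__(self, profiles):
        self.profiles = {p.iccid: p for p in profiles}

    def enabled_profile(self):
        return next((p for p in self.profiles.values()
                     if p.state is State.ENABLED), None)

    @staticmethod
    def may_implicitly_disable(enabled, target):
        # The target's owner must equal the enabled profile's owner or appear
        # among its sub-owners. With no sub-owners, only the same owner passes.
        return target.owner == enabled.owner or target.owner in enabled.sub_owners

    def handle_rpm_enable(self, target_iccid, deferred=False):
        """Process a remote 'enable' command for target_iccid."""
        target = self.profiles.get(target_iccid)
        if target is None:
            return Result.UNKNOWN_PROFILE
        enabled = self.enabled_profile()
        if enabled is not None:
            if not self.may_implicitly_disable(enabled, target):
                return Result.PROFILE_OWNER_MISMATCH  # reject, change nothing
            self._set(enabled, State.DISABLED, deferred)
        # Assumption: with no enabled profile there is nothing to disable
        # implicitly, so no owner comparison is made before enabling.
        self._set(target, State.ENABLED, deferred)
        return Result.OK

    @staticmethod
    def _set(profile, state, deferred):
        if deferred:
            profile.pending = state  # mark as "to be enabled/disabled"
        else:
            profile.state, profile.pending = state, None

    def refresh(self):
        """Apply every scheduled state, as a refresh or reset operation would."""
        for p in self.profiles.values():
            if p.pending is not None:
                p.state, p.pending = p.pending, None


def sample_card():
    # Constructed data: profile A names op-B as a sub-owner; B and C name none.
    return Euicc([
        Profile("iccid-A", owner="op-A", sub_owners=frozenset({"op-B"}),
                state=State.ENABLED),
        Profile("iccid-B", owner="op-B"),
        Profile("iccid-C", owner="op-C"),
    ])


if __name__ == "__main__":
    card = sample_card()
    print(card.handle_rpm_enable("iccid-C"))  # owner op-C is not a sub-owner of A
    print(card.handle_rpm_enable("iccid-B"))  # op-B is a sub-owner of A
    print(card.handle_rpm_enable("iccid-A"))  # B lists no sub-owners
```

The last call shows that the relation is one-directional: profile A delegates to op-B, but once B is enabled, op-A cannot displace it unless B's own sub-owner information names op-A.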

In accordance with another aspect of the disclosure, a user equipment (UE) for controlling a profile is provided. The UE includes a transceiver and at least one processor coupled with the transceiver and configured to receive a remote profile management command regarding a target profile from a profile server, determine whether an enabled profile exists, verify whether profile owner information of the target profile corresponds to profile owner information or sub-owner information of the enabled profile, based on a result of the determination, and selectively execute the remote profile management command based on a result of the verification.

The at least one processor may be further configured to disable the enabled profile when profile owner information of the target profile corresponds to the profile owner information or the sub-owner information of the enabled profile.

The at least one processor may be further configured to immediately disable the enabled profile or mark the enabled profile as to be disabled to disable the enabled profile after performing a predetermined operation.

The at least one processor may be further configured to enable the target profile.

The at least one processor may be further configured to immediately enable the target profile or mark the target profile as to be enabled to enable the target profile after performing a predetermined operation.

The at least one processor may be further configured to reject the remote profile management command when the profile owner information of the target profile does not correspond to the profile owner information or the sub-owner information of the enabled profile.

The at least one processor may be further configured to generate an error code indicating profile owner information mismatch.

Other aspects, advantages, and salient features of the disclosure will become apparent to those skilled in the art from the following detailed description, which, taken in conjunction with the annexed drawings, discloses various embodiments of the disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

The above and other aspects, features, and advantages of certain embodiments of the disclosure will be more apparent from the following description taken in conjunction with the accompanying drawings, in which:

FIG. 1 is a diagram for describing a method, performed by a user equipment (UE), of connecting to a mobile communication network by using a universal integrated circuit card (UICC) having a fixed profile mounted thereon, according to an embodiment of the disclosure;

FIG. 2 illustrates an example for describing a procedure in which a mobile operator remotely manages a profile in a UE through a profile server when there is no profile enabled in the UE, according to an embodiment of the disclosure;

FIG. 3A illustrates an example for describing a procedure in which a mobile operator remotely manages a profile in a UE through a profile server when there is an enabled profile in the UE, according to an embodiment of the disclosure;

FIG. 3B illustrates an example for describing a procedure in which a mobile operator remotely manages a profile in a UE through a profile server when there is an enabled profile in the UE, according to an embodiment of the disclosure;

FIG. 3C illustrates an example for describing a procedure in which a mobile operator remotely manages a profile in a UE through a profile server when there is an enabled profile in the UE, according to an embodiment of the disclosure;

FIG. 4 illustrates another example for describing a procedure in which a mobile operator remotely manages a profile in a UE through a profile server when there is an enabled profile in the UE, according to an embodiment of the disclosure;

FIG. 5 illustrates an example for describing a method of defining and using profile owner information and profile sub-owner information in a profile, according to an embodiment of the disclosure;

FIG. 6 illustrates an example for describing a procedure in which a mobile operator remotely manages a profile in a UE through a profile server when there is an enabled profile in the UE, according to an embodiment of the disclosure;

FIG. 7A illustrates an example of a method, performed by a UE, of checking profile owner information and profile sub-owner information and processing a remote management command, according to an embodiment of the disclosure;

FIG. 7B illustrates a procedure for comparing a profile owner of a target profile with a profile sub-owner of a currently enabled profile to determine whether at least one profile owner of the target profile and at least one profile sub-owner of the currently enabled profile are identical to each other, when a UE is capable of enabling two or more profiles and receives a remote management command, according to an embodiment of the disclosure;

FIG. 8 is a block diagram of a UE according to an embodiment of the disclosure; and

FIG. 9 is a block diagram of a profile server according to an embodiment of the disclosure.

Throughout the drawings, like reference numerals will be understood to refer to like parts, components, and structures.

DETAILED DESCRIPTION

The following description with reference to the accompanying drawings is provided to assist in a comprehensive understanding of various embodiments of the disclosure as defined by the claims and their equivalents. It includes various specific details to assist in that understanding, but these are to be regarded as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the various embodiments described herein can be made without departing from the scope and spirit of the disclosure. In addition, descriptions of well-known functions and constructions may be omitted for clarity and conciseness.

The terms and words used in the following description and claims are not limited to the bibliographical meanings, but are merely used by the inventor to enable a clear and consistent understanding of the disclosure. Accordingly, it should be apparent to those skilled in the art that the following description of various embodiments of the disclosure is provided for illustration purposes only and not for the purpose of limiting the disclosure as defined by the appended claims and their equivalents.

It is to be understood that the singular forms “a,” “an,” and “the” include plural referents unless the context clearly dictates otherwise. Thus, for example, reference to “a component surface” includes reference to one or more of such surfaces.

For the same reasons, some elements may be exaggerated, omitted, or simplified in the attached drawings. The size of each element does not entirely reflect the actual size of the element. In each drawing, an identical or corresponding element will be referred to as an identical reference numeral.

Advantages and features of the disclosure and a method for achieving them will be apparent with reference to embodiments of the disclosure described below together with the attached drawings. However, the disclosure is not limited to the disclosed embodiments of the disclosure, but may be implemented in various ways, and to allow those of ordinary skill in the art to understand the scope of the disclosure. The disclosure is defined by the category of the claims. Throughout the specification, an identical reference numeral will indicate an identical element.

Meanwhile, it is known to those of ordinary skill in the art that blocks of a flowchart and a combination of flowcharts may be represented and executed by computer program instructions. These computer program instructions may also be stored in a general-purpose computer, a special-purpose computer, or a processor of other programmable data processing devices, such that the instructions implemented by the computer or the processor of the programmable data processing device produce a means for performing functions specified in the flowchart and/or block diagram block or blocks. These computer program instructions may also be stored in a computer usable or computer-readable memory that may direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer usable or computer-readable memory produce an article of manufacture including instructions that implement the function specified in the flowchart and/or block diagram block or blocks. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process, such that the instructions that execute on the computer or other programmable apparatus may provide steps for implementing the functions specified in the flowchart and/or block diagram block or blocks.

In addition, each block represents a module, segment, or portion of code, which includes one or more executable instructions for implementing the specified logical function(s). It should also be noted that in other implementations, the function(s) noted in the blocks may occur out of the order indicated. For example, two blocks shown in succession may, in fact, be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending on the functionality involved.

In the current embodiment of the disclosure, the term “unit”, as used herein, denotes a software or hardware component, such as a field programmable gate array (FPGA) or application specific integrated circuit (ASIC), which performs certain tasks. However, the meaning of “unit” is not limited to software or hardware. “unit” may advantageously be configured to reside on the addressable storage medium and configured to reproduce one or more processors. Thus, a unit may include, by way of example, components, such as software components, object-oriented software components, class components and task components, processes, functions, attributes, procedures, subroutines, segments of program code, drivers, firmware, microcode, circuitry, data, databases, data structures, tables, arrays, and variables. The functionality provided for in the components and “unit(s)” may be combined into fewer components and “unit(s)” or further separated into additional components and “unit(s)”. In addition, components and “unit(s)” may be implemented to execute one or more central processing units (CPUs) in a device or a secure multimedia card.

Particular terms used in the following description are provided to help with the understanding of the disclosure, and the use of the particular terms may be changed without departing from the technical spirit of the disclosure.

A universal integrated circuit card (UICC) is a smart card inserted into a mobile communication UE, etc., for use, and is also referred to as a UICC card. The UICC may include an access control module for accessing a network of a mobile operator. Examples of the access control module may include a universal subscriber identity module (USIM), a subscriber identity module (SIM), an Internet protocol multimedia service identity module (ISIM), etc. A UICC including the USIM is generally called a USIM card. Likewise, a UICC including a SIM module is generally called a SIM card.

Thus, the terms disclosed in the disclosure, “SIM card”, “UICC card”, “USIM card”, and “UICC including an ISIM” will be used having the same meaning. Technical applications with respect to the SIM card may also be equally applied to a USIM card, an ISIM card, or a general UICC card.

The SIM card stores personal information of a mobile communication subscriber and performs subscriber authentication and traffic security key generation when accessing the mobile communication network, enabling secure mobile communication.

The SIM card is manufactured as a dedicated card for a particular mobile operator at the request of the mobile operator in card manufacturing at the time of proposing the disclosure, and authentication information for network access of the mobile operator, e.g., a universal subscriber identity module (USIM) application, an international mobile subscriber identity (IMSI), a K value, an OPc value, etc., may be mounted in advance in the SIM card which is then released. The manufactured SIM card is delivered to the mobile operator who then provides the SIM card to a subscriber and performs management, such as installation, modification, deletion, etc., with respect to an application in the UICC card by using a technique such as Over the Air (OTA) technology when needed. The subscriber inserts the UICC card into the subscriber's mobile communication user equipment (UE) to use a network and an application service of the operator, and when exchanging the UE with a new UE, the subscriber may use the authentication information, phone numbers, personal phonebook, and so forth stored in the UICC card in the new UE, by moving and inserting the UICC card to and into the new UE from the existing UE.

However, with the SIM card, it may be troublesome for a mobile communication UE user to be provided with a service of a different mobile operator. The mobile communication UE user may encounter the inconvenience of having to physically obtain the SIM card so as to be provided with a service from a mobile operator. For example, to be provided with a local mobile communication service when the user goes on a trip to another country, the user has to obtain a local SIM card. A roaming service, despite mitigating the inconvenience to some extent, may charge a relatively high fee and may not be provided unless contact between mobile operators is made.

Such an inconvenience may be largely solved by remotely downloading and installing the SIM module in the UICC card. The SIM module of a mobile communication service to be used may be downloaded in the UICC card at a user-desired time. For the UICC card, a plurality of SIM modules may be downloaded and installed, and one of them may be selected and used. The UICC card may or may not be fixed in the UE. The UICC fixedly used in the UE is referred to as an embedded UICC (eUICC) that is generally used by being fixed in the UE and may mean a UICC card capable of remotely downloading and selecting a SIM module. In the following disclosure, the UICC card capable of remotely downloading and selecting the SIM module will be collectively referred to as an eUICC. That is, out of UICC cards capable of remotely downloading and selecting the SIM module, the UICC card fixed or not fixed in the UE will be collectively referred to as an eUICC. Downloaded SIM module information will be collectively referred to as an eUICC profile, more briefly, a profile.

Hereinbelow, terms used in the specification will be described in more detail.

In the disclosure, a UICC, which is a smart card inserted into a mobile communication UE for use, means a chip in which personal information such as network access authentication information, a phonebook, and a short messaging service (SMS) of a mobile communication subscriber is stored so as to allow secure use of mobile communication through subscriber authentication and traffic security key generation at the time of access to a mobile communication network such as the Global System for Mobile Communications (GSM), Wideband Code Division Multiple Access (WCDMA), Long-Term Evolution (LTE), etc. In the UICC, a communication application such as a SIM, a USIM, an ISIM, etc. is mounted depending on a type of a mobile communication network accessed by a subscriber, and a higher-level security function for installing various applications such as an electronic wallet, ticketing, an electronic passport, etc. may be provided.

In the disclosure, the eUICC is a security module that is not of a removable type that may be inserted into and removed from the UE, but is in the form of a chip embedded in the UE. The eUICC may download and install a profile by using the OTA technology. That is, the eUICC may be a UICC capable of downloading and installing a profile.

In the disclosure, a method of downloading and installing a profile in the eUICC by using the OTA technology may be applied to a removable UICC that may be inserted into and removed from the UE. An embodiment of the disclosure may be applied to the UICC that may download and install a profile using the OTA technology.

In the disclosure, the term “UICC” may be interchangeably used with the SIM, and the term “eUICC” may be interchangeably used with the eSIM. In the disclosure, a profile may mean that an application, a file system, an authentication key, and so forth, stored in the UICC, are packaged in the form of software. In the disclosure, a USIM profile may have the same meaning as the profile or may mean that information included in an USIM application in the profile is packaged in the form of software.

In the disclosure, an operation in which the UE enables a profile may mean an operation of changing a state of the profile into an enabled state so that the UE may be provided with a communication service through a mobile operator that provides the profile. The profile in the enabled state may be expressed as an “enabled profile”.

In the disclosure, when one or more profiles are installed in the UE, the number of profiles in the enabled state at the time of a particular point in time in the UE may be limited. In various embodiments of the disclosure, it is assumed that a profile in the enabled state is limited to one, but a plurality of profiles may be in the enabled state, and for a UE where the plurality of profiles are in the enabled state, various embodiments of the disclosure may be correspondingly applied.

In the disclosure, an operation in which the UE disables a profile may mean an operation of changing a state of the profile into a disabled state so that the UE may not be provided with a communication service through a mobile operator that provides the profile. The profile in the disabled state may be expressed as a “disabled profile”.

In the disclosure, an operation in which the UE deletes a profile may mean an operation of changing a state of the profile into a deleted state so that the UE may not enable or disable the profile any longer. The profile in the deleted state may be expressed as a “deleted profile”.

In the disclosure, an operation, performed by the UE, of enabling, disabling, or deleting a profile may mean an operation of marking the profile as to be enabled, disabled, or deleted and changing the profile into the enabled state, the disabled state, or the deleted state after the UE or the UICC of the UE performs a particular operation, instead of immediately changing the state of the profile into the enabled state, the disabled state, or the deleted state. The particular operation performed by the UE or the UICC of the UE may be, for example, execution of a REFRESH or RESET command. The operation of marking a particular profile as a scheduled state (i.e., to be enabled, to be disabled, or to be deleted) is not limited to marking one profile as one scheduled state, and may include marking one or more profiles as a particular scheduled state, respectively, one profile as one or more scheduled states, or one or more profiles as one or more scheduled states, respectively. When one or more scheduled states are marked for a profile, two marks may be integrated into one. For example, when a profile is marked as to be disabled and to be deleted, the profile may be integrally marked as to be disabled and deleted.

In the disclosure, a profile providing server may generate a profile, encrypt the generated profile, generate a profile remote management instruction, or encrypt the generated profile remote management instruction. The profile providing server may be expressed as at least one of subscription manager data preparation (SM-DP), subscription manager data preparation plus (SM-DP+), an off-card entity of a profile domain, a profile encryption server, a profile generation server, a profile provisioner (PP), a profile provider, or a profile provisioning credentials (PPC) holder.

In the disclosure, a profile managing server may be expressed as at least one of subscription manager secure routing (SM-SR), subscription manager secure routing plus (SM-SR+), an off-card entity of an eUICC profile manager, a profile management credentials (PMC) holder, or an eUICC manager (EM).

In the disclosure, when the profile providing server is indicated, it may collectively indicate integration of a function of the profile managing server. Thus, in various embodiments of the disclosure, an operation of the profile providing server may be performed by the profile managing server. Likewise, an operation of describing the profile managing server or the SM-SR may also be performed by the profile providing server. In addition, in the specification of the disclosure, the profile providing server or the profile managing server may be expressed as a profile server. The profile server may be one of the profile providing server or the profile managing server, or may include both the profile providing server and the profile managing server.

In the disclosure, an activation relay server may be expressed as at least one of a subscription manager discovery service (SM-DS), a discovery service (DS), a root activation relay server (root SM-DS), or an alternative activation relay server (alternative SM-DS). The activation relay server may receive an event registration request (Register Event Request or Event Register Request) from one or more profile providing servers or activation relay servers. The one or more activation relay servers may be mixedly used, and in this case, a first activation relay server may receive an event registration request from a second activation relay server as well as from the profile providing server. The profile server may include the activation relay server.

In the disclosure, the profile providing server and the activation relay server may be referred to as a “remote SIM provisioning (RSP) server”. The RSP server may be expressed as a subscription manager (SM)-XX.

The term “terminal” used in the disclosure may refer to a mobile station (MS), a user equipment (UE), a user terminal (UT), a wireless terminal, an access terminal (AT), a terminal, a subscriber unit (SU), a subscriber station (SS), a wireless device, a wireless communication device, a wireless transmit/receive unit (WTRU), a mobile node, a mobile unit, or other devices. Various embodiments of the disclosure of the UE may include a cellular phone, a smart phone having a wireless communication function, a personal digital assistant (PDA) having a wireless communication function, a wireless modem, a portable computer having a wireless communication function, a photographing device having a wireless communication function, such as a digital camera, a gaming device having a wireless communication function, a music storage and play home appliance having a wireless communication function and an Internet home appliance capable of wireless Internet connection and browsing, and portable units or UEs having integrated therein combinations of such functions. The UE may also include, but is not limited to, a machine-to-machine (M2M) UE and a machine type communication (MTC) UE/device. In the disclosure, the UE may be referred to as an electronic device.

In the disclosure, an electronic device may include a UICC capable of downloading and installing a profile. When the UICC is not included in the electronic device, the UICC, which is physically separated from the electronic device, may be inserted into and connected with the electronic device. For example, the UICC may be inserted into the electronic device in the form of a card. The electronic device may include a UE, and in this case, the UE may be a UE including a UICC capable of downloading and installing a profile. The UICC may be included in the UICC, and when the UICC is separated from the UE, the UICC may be inserted into the UE, thus being connected with the UE. The UICC, which is capable of downloading and installing the profile, may be referred to as, for example, the eUICC.

In the disclosure, the UE or the electronic device may include software or an application may be installed in the UE or the electronic device to control the UICC or the eUICC. The software or the application may be referred to as, e.g., a local profile assistant (LPA).

In the disclosure, a profile separator may be referred to as a profile identification (ID), an integrated circuit card ID (ICCID), a matching ID, an event ID, an activation code, an activation code token, a command code, a command code token, or a factor matching an ISD-P or profile domain (PD). The profile ID may indicate a unique ID of each profile. The profile separator may include an address of a profile providing server (SM-DP+) capable of indexing a profile.

In the disclosure, the eUICC ID may be a unique ID of the eUICC included in the UE, and may be referred to as an EID. When a provisioning profile is previously mounted in the eUICC, the eUICC ID may be a profile ID of the provisioning profile. When the UE and an eUICC chip are not separated as in an embodiment of the disclosure, the eUICC ID may be a UE ID. The eUICC ID may also be a specific secure domain of the eUICC chip.

In the disclosure, a profile container may be referred to as a profile domain. A profile container may be a security domain.

In the disclosure, an application protocol data unit (APDU) may be a message for interworking of the UE with the eUICC. The APDU may be a message for interworking of a profile provisioner (PP) or a profile manager (PM) with the eUICC.

In the disclosure, profile provisioning credentials (PPC) may be a means used to perform mutual authentication between the profile providing server and the eUICC, profile encryption, and signing. The PPC may include one or more of a symmetric key, Rivest Shamir Adleman (RSA) certificate and private key, elliptic curve cryptography (ECC) certificate and private key, root certification authority (CA), and a certificate chain. When the profile providing server is provided in plural, a different PPC for each of a plurality of profile providing servers may be stored in the eUICC or may be used.

In the disclosure, Profile Management Credentials (PMC) may be a means used to perform mutual authentication between the profile managing server and the eUICC, transmission data encryption, and signing. The PMC may include one or more of a symmetric key, RSA certificate and personal key, ECC certificate and personal key, root CA, and a certificate chain. When the profile managing server is provided in plural, a different PMC for each of a plurality of profile managing servers may be stored in the eUICC or may be used.

In the disclosure, AID may indicate an application identifier. This value may be a separator that separates different applications in the eUICC.

In the disclosure, an event (Event) may be a term that collectively refers to profile download (Profile Download), remote profile management (Remote Profile Management), or a management/processing instruction of another profile or the eUICC. The event (Event) may be referred to as a remote SIM provisioning operation, an RSP operation (RSP Operation), or an event record (Event Record), and each event (Event) may be referred to as data including at least one of a corresponding event identifier (Event Identifier, Event ID, or EventID), a matching identifier (Matching Identifier, Matching ID, or MatchingID), or an address (FQDN, an IP address, or a uniform resource locator (URL)) of the profile providing server (SM-DP+) or the activation relay server (SM-DS) having the event stored therein. Profile download (Profile Download) may be used interchangeably with profile installation (Profile Installation). An event type (Event Type) may be used as a term indicating whether a particular event is profile download or remote profile management (e.g., deletion, enabling, disabling, replacement, update, etc.) or another profile or an eUICC management/process command, and may be referred to as an operation type (Operation Type or OperationType), an operation class (Operation Class or OperationClass), an event request type (Event Request Type), an event class (Event Class), an event request class (Event Request Class), etc.

In the disclosure, a profile package (Profile Package) may be used interchangeably with a profile or used as a term indicating a data object of the profile, and may be referred to as a profile tag/length/value (TLV) (Profile TLV) or a profile package TLV (Profile Package TLV). When the profile package is encrypted using an encryption parameter, the profile package may be referred to as a protected profile package (Protected Profile Package (PPP)) or Protected Profile Package TLV (PPP TLV). When the profile package is encrypted using an encryption parameter that is decryptable only by a particular eUICC, the profile package may be referred to as a bound profile package (Bound Profile Package (BPP)) or Bound Profile Package TLV (BPP TLV). The profile package TLV may be a data set expressing information configuring a profile in the form of a TLV.

In the disclosure, a remote profile management (RPM) may be referred to as profile remote management, remote management, a remote management command, a remote command, an RPM package, a profile remote management package, a remote management package, a remote management command package, or a remote command package. The RPM may be used to change a state (enabled, disabled, or deleted) of a particular profile or update contents of the profile (e.g., a nickname of the profile (Profile Nickname), profile summary information (Profile Metadata), etc.). The RPM may include one or more remote management commands, and a profile that is a target for each remote management command may be the same or different for each remote management command.

In the disclosure, a certificate or a digital certificate may indicate a digital certificate used in mutual authentication based on an asymmetric key including a pair of a public key (PK) and a secret key (SK). Each certificate may include one or more PKs, a public key identifier (PKID) corresponding to each public key, a certificate issuer ID of a certificate issuer (CI) issuing the certificate, and a digital signature. The certificate issuer may be referred to as a Certification Issuer, a Certification Authority, a CA, etc. In the disclosure, a PK and a public key ID (PKID) may be used as the same meaning indicating a PK, a certificate including the PK, a part of the PK, a part of the certificate including the PK, an operation result of the PK (e.g., a hash value), an operation result of the certificate including the PK (e.g., a hash value), an operation result of the part of the PK (e.g., a hash value), an operation result of the part of the certificate including the PK (e.g., a hash value), or a storage space storing the listed data.

In the disclosure, when certificates (primary certificates) issued by one CI are used to issue other certificates (secondary certificates) or the secondary certificates are used to connectively issue tertiary or higher-degree certificates, a correlation between corresponding certificates may be referred to as a certificate chain or a certificate hierarchy, and in this case, a CI certificate used in initial certificate issuance may be referred to as a root of a certificate, the highest-layer certificate, a root CI, a root CI certificate, a root CA, a root CA certificate, etc.

In the disclosure, a mobile operator may indicate an operator providing a communication server to the UE, and may indicate a business supporting system (BSS) of the mobile operator, an operational supporting system (OSS), a point of sale (PoS) terminal, and other IT systems. In the disclosure, a mobile operator may be used as a term referring to not only a particular operator providing a communication service, but also to a group, an association, or a consortium of one or more mobile operators, or a representative of the group, the association, or the consortium. In the disclosure, the mobile operator may be referred to as an operator (OP or Op.), a mobile network operator (MNO), a service provider (SP), a profile owner (PO), etc., and each mobile operator may set at least one of a name or an object identifier (OID) of the mobile operator or may be assigned with the same. When a mobile operator indicates a group, association, or agency of one or more operators, a name or a unique ID of the group, association, or agency may be a name or a unique ID shared among all companies belonging to the group or association or all companies cooperating with the agency.

In the disclosure, AKA may indicate authentication and key agreement, and may indicate an authentication algorithm for connection to 3GPP and 3GPP2 networks.

In the specification, K (or K value) may be an encryption key value stored in the eUICC used for an AKA authentication algorithm.

In the disclosure, OPc may be a parameter value stored in the eUICC used in the AKA authentication algorithm.

In the disclosure, NAA, which is a network access application, may be an application stored in the UICC to connect to a network, such as a USIM or ISIM. The NAA may be a network access module.

In the disclosure, when it is determined to make the subject matter of the disclosure unclear, the detailed description of known functions or configurations may be omitted.

Hereinbelow, a description will be made of various embodiments of the disclosure of a method and apparatus for generating and managing a list of mobile operators capable of remotely managing a profile, a method and apparatus for downloading and installing a communication service in a UE in a communication system for communication connection, and a method and apparatus for downloading, installing, and managing a profile online in a communication system.

FIG. 1 is a diagram for describing a method, performed by a UE, of connecting to a mobile communication network by using a UICC having a fixed profile mounted thereon, according to an embodiment of the disclosure.

Referring to FIG. 1, a UICC 120 may be inserted into a UE 110. For example, the UICC 120 may be a removable type and may be previously included in the UE 110.

The fixed profile mounted in the UICC may mean that access information allowing access to a particular mobile operator is fixed. For example, the access information may include an IMSI that is a subscriber separator and a K or Ki value needed to authenticate a network together with the subscriber separator.

The UE 110 may perform authentication with an authentication processing system (e.g., a home location register (HLR) or an authentication center (AuC)) of a mobile operator by using the UICC 120. For example, an authentication process may be an AKA process. When the UE 110 succeeds in authentication, the UE 110 may use a mobile communication service such as use of a phone or mobile data by using a mobile communication network 130 of a mobile communication system.

FIG. 2 illustrates an example for describing a procedure in which first and second mobile operators remotely manage first through third profiles in a UE through first and second profile servers when no profile is in an enabled state in the UE 250, according to an embodiment of the disclosure.

Referring to FIG. 2, the UE 250 may be a UE having an eSIM mounted therein. In the UE 250, one or more profiles may be installed. Referring to FIG. 2, FIG. 2 shows a case where a first profile 252, a second profile 254, and a third profile 256 are installed in the UE 250, and at least one profile is not in the enabled state.

In FIG. 2, the first and second mobile operators 260 and 262 may own one or more profiles, and when a profile owned by the first or second mobile operator 260 or 262 is in the enabled state, the first or second mobile operator 260 or 262 may provide a communication service to the UE 250. For example, in FIG. 2, the first mobile operator 260 may own the first profile 252 and the second profile 254, and the second mobile operator 262 may own the third profile 256. Such profile owner (Profile Owner) information may be included in a profile or profile summary information (Profile Metadata), and may be expressed as a name or a unique identifier (Object Identifier (OID)) of a corresponding mobile operator. In the drawing of the disclosure, for convenience, a name expressed as a character string (Op.1 or Op. 2) indicates a profile owner, but the profile owner may also be indicated by a unique ID (OID, e.g., “1.10.42.213.3”) expressed as a character string as described above. Additionally, an implicit disable counter indicating the allowable number of times a profile may be implicitly disabled by a profile owner may be indicated, together with the profile owner information, in the profile. The implicit disable and the implicit disable counter will be described in more detail with reference to FIG. 5. In addition, while one profile owner is illustrated in each profile in the drawing of the disclosure, one or more profile owners may also be defined in each profile. When a profile owner is designated in plural, an implicit disable counter for each profile owner may also be designated in plural.

In FIG. 2, first and second profile servers 270 and 272 may receive requests from the mobile operators 260 and 262, generate a profile remote management command, and deliver the same to the UE 250. In this case, the profile server may be exclusively connected with a particular mobile operator. For example, in the drawing, the first mobile operator 260 may be connected with the first profile server 270, and the second mobile operator 262 may be connected with the second profile server 272.

Referring to FIG. 2, in operation 201, the first mobile operator 260 may transmit a request for remote management of the second profile 254 owned by the first mobile operator 260 to the first profile server 270. For example, operation 201 may be an operation of requesting enabling of the second profile 254 currently in a disabled state in the UE 250. According to some embodiments of the disclosure, operation 201 may use an “RPM Order” message.

In operation 203, the first profile server 270 may determine whether the first mobile operator 260 is a profile owner of the second profile 254. To this end, the first profile server 270 may manage an OID of the first mobile operator 260 and information of all profiles owned by the first mobile operator 260, and identify and determine a profile owner of each profile. When the first profile server 270 determines that the first mobile operator 260 is an owner of the second profile 254, the first profile server 270 may generate a remote management command for the second profile 254 and transmit the same to the UE 250. For example, the remote management command may be a command enabling the second profile 254. According to some embodiments of the disclosure, operation 203 may use at least one of an “Initiate Authentication” message or an “Authenticate Client” message.

The aforementioned operation of determining whether a mobile operator is a profile owner of a profile may be referred to as profile owner check. The profile owner check is not necessarily performed by a profile server (e.g., in operation 203); this operation may be performed by the UE 250 instead or in parallel (e.g., in operation 205). While it is described in embodiments of the disclosure that the profile owner check is performed by the profile server, the profile owner check may be replaced with or performed in parallel with a corresponding operation of the UE. The profile owner check performed by the UE will be described in detail with reference to operations 305 or 311 of FIGS. 3A to 3C. When one or more profile owners of a profile are set, the profile owner check may be an operation of determining whether a mobile operator is included in a profile owner list of the profile.

In operation 205, the UE 250 may enable the second profile 254 and receive a communication service through the first mobile operator. As shown in FIG. 2, when no profile is enabled in the UE 250, the UE may immediately enable the second profile 254 in operation 205.

In operation 207, the second mobile operator 262 may transmit a request for remote management of the third profile 256 owned by the second mobile operator 262 to the second profile server 272. For example, operation 207 may be an operation of requesting enabling of the third profile 256 currently in a disabled state in the UE 250. According to some embodiments of the disclosure, operation 207 may use an “RPM Order” message.

In operation 209, the second profile server 272 may determine whether the second mobile operator 262 is a profile owner of the third profile 256. The second profile server 272 may manage an OID of the second mobile operator 262 and information of all profiles owned by the second mobile operator 262, and identify and determine a profile owner. When the second profile server 272 determines that the second mobile operator 262 is an owner of the third profile 256, the second profile server 272 may generate a remote management command for the third profile 256 and transmit the same to the UE 250. For example, the remote management command may be a command enabling the third profile 256. According to some embodiments of the disclosure, operation 209 may use at least one of an “Initiate Authentication” message or an “Authenticate Client” message.

In operation 211, the UE 250 may enable the third profile 256 and receive a communication service through the second mobile operator. As shown in FIG. 2, when no profile is enabled in the UE 250, the UE may immediately enable the second profile 254 in operation 211.

In operation 203 or 209, the first profile server 270 or the second profile server 272 may determine whether the mobile operator 260 or 262 requesting remote management of a profile has a remote management authority for the profile. When a mobile operator having no remote management authority transmits a request for profile remote management, the profile server may reject the request. For example, as in operation 213, when the first mobile operator 260 transmits a request for remote management of the third profile 256 owned by the second mobile operator 262 to the first profile server 270, the first profile server 270 may reject the request of the first mobile operator 260. When the UE 250 performs the profile owner check, rejection of the request for remote management may be performed by the UE 250 (not shown).

FIGS. 3A, 3B, and 3C show an example for describing a procedure in which the first and second mobile operators 260 and 262 remotely manage the second profile 254 or the third profile 256 in the UE 250 through the first and second profile servers 270 and 272 when the first profile 252 is in the enabled state in the UE 250, according to various embodiments of the disclosure.

FIGS. 3B and 3C show a case where the first profile 252, the second profile 254, and the third profile 256 are installed in the UE 250, among which the first profile 252 is in the enabled state. FIG. 3A illustrates FIGS. 3B and 3C as one drawing. Settings of each profile and a mobile operator who owns the profile are referred to in the description made with reference to FIG. 2.

Referring to FIG. 3B, in operation 301, the first mobile operator 260 may transmit a request for remote management of the second profile 254 owned by the first mobile operator 260 to the first profile server 270. For example, operation 301 may be an operation of requesting enabling of the second profile 254 currently in a disabled state in the UE 250. According to some embodiments of the disclosure, operation 301 may use an “RPM Order” message.

In operation 303, the first profile server 270 may determine whether the first mobile operator 260 is a profile owner of the second profile 254. The first profile server 270 may manage an OID of the first mobile operator 260 and information of all profiles owned by the first mobile operator 260, and identify and determine a profile owner of each profile. When the first profile server 270 determines that the first mobile operator 260 is the owner of the second profile 254, the first profile server 270 may generate a remote management command for the second profile 254 and transmit the same to the UE 250. For example, the remote management command may be a command enabling the second profile 254. According to some embodiments of the disclosure, operation 303 may use at least one of an “Initiate Authentication” message or an “Authenticate Client” message.

In operation 305, the UE 250 may attempt enabling of the second profile 254. Unlike in operation 205 of FIG. 2 where no profile in the UE 250 is in the enabled state and thus the second profile 254 may be immediately enabled, when the first profile 252 in the UE 250 is in the enabled state, the UE 250 may compare (verify) a profile owner of the currently enabled first profile 252 with a profile owner of the second profile 254 that is a comparison target to determine whether at least one profile owner of the first profile 252 is identical to at least one profile owner of the second profile 254, in operation 305. FIG. 3B shows a case where the profile owner of the first profile 252 and the profile owner of the second profile 254 are identical to each other as the first mobile operator 260, such that the UE 250 may enable the second profile 254 immediately after disabling of the first profile 252 and may be provided with a communication service through the first mobile operator 260. As such, when the first profile 252 is disabled by an enable remote management command for the second profile 254 of the identical profile owner without a separate disable remote management command for the first profile 252, the disabling of the first profile 252 may be referred to as “implicit disable”.

Referring to FIG. 3C, in operation 307, the second mobile operator 262 may transmit a request for remote management of the third profile 256 owned by the second mobile operator 262 to the second profile server 272. For example, operation 307 may be an operation of requesting enabling of the third profile 256 currently in a disabled state in the UE 250. According to some embodiments of the disclosure, operation 307 may use an “RPM Order” message.

In operation 309, the second profile server 272 may determine whether the second mobile operator 262 is a profile owner of the third profile 256. The second profile server 272 may manage an OID of the second mobile operator 262 and information of all profiles owned by the second mobile operator 262, and identify and determine a profile owner. When the second profile server 272 determines that the second mobile operator 262 is an owner of the third profile 256, the second profile server 272 may generate a remote management command for the third profile 256 and transmit the same to the UE 250. For example, the remote management command may be a command enabling the third profile 256. According to some embodiments of the disclosure, operation 309 may use at least one of an “Initiate Authentication” message or an “Authenticate Client” message.

In operation 311, the UE 250 may attempt enabling of the third profile 256. Unlike in operation 211 of FIG. 2 where no profile in the UE 250 is in the enabled state and thus the third profile 256 may be immediately enabled, when the first profile 252 in the UE 250 is in the enabled state, the UE 250 may compare a profile owner of the currently enabled first profile 252 with a profile owner of the third profile 256 that is a comparison target to determine whether at least one profile owner of the currently enabled first profile 252 is identical to at least one profile owner of the third profile 256, in operation 311. FIG. 3C shows a case where the profile owner of the first profile 252 is the first mobile operator 260, but the profile owner of the third profile 256 is the second mobile operator 262, and the UE 250 may reject enabling of the third profile 256, maintain the enabled state of the first profile 252, and be provided with a communication service through the first mobile operator 260.

Referring to FIGS. 3A, 3B, and 3C, when a profile is enabled through a remote management command as in operation 305 or 311, the UE may compare a profile owner of a target profile to be enabled by the remote management command with a profile owner of a currently enabled profile to determine whether at least one profile owner of the target profile to be enabled is identical with at least one profile owner of the currently enabled profile. This operation (together with operation 203 of FIG. 2) may also be referred to as a profile owner check.

FIG. 4 illustrates another example for describing a procedure in which the first and second mobile operators 260 and 262 remotely manage the second profile 254 or the third profile 256 in the UE 250 through the first and second profile servers 270 and 272 when the first profile 252 is in the enabled state in the UE 250, according to an embodiment of the disclosure. A description of settings of the UE 250 and each of the first through third profiles 252, 254, and 256 will refer to FIGS. 3A to 3C.

Referring to FIG. 4, in operation 401, the first mobile operator 260 may transmit a request for remote management of the first profile 252 owned by the first mobile operator 260 to the first profile server 270. For example, operation 401 may be an operation of requesting disabling of the first profile 252 currently in the enabled state in the UE 250. According to some embodiments of the disclosure, operation 401 may use the “RPM Order” message.

In operation 403, the first profile server 270 may determine whether the first mobile operator 260 is a profile owner of the first profile 252. The first profile server 270 may manage an OID of the first mobile operator 260 and information of all profiles owned by the first mobile operator 260, and identify and determine a profile owner of each profile. When the first profile server 270 determines that the first mobile operator 260 is an owner of the first profile 252, the first profile server 270 may generate a remote management command for the first profile 252 and transmit the same to the UE 250. For example, the remote management command may be a command enabling the first profile 252. According to some embodiments of the disclosure, operation 403 may use at least one of the “Initiate Authentication” message or the “Authenticate Client” message.

In operation 405, the UE 250 may disable the first profile 252 in the enabled state. Thereafter, when there is no other means (e.g., Wi-Fi, etc.) that provides network connection to the UE 250, the UE 250 may lose network connection.

In operation 407, the second mobile operator 262 may transmit a request for remote management of the third profile 256 owned by the second mobile operator 262 to the second profile server 272. For example, operation 407 may be an operation of requesting enabling of the third profile 256 currently in a disabled state in the UE 250. According to some embodiments of the disclosure, operation 407 may use the “RPM Order” message.

In operation 409, the second profile server 272 may determine whether the second mobile operator 262 is a profile owner of the third profile 256. The second profile server 272 may manage an OID of the second mobile operator 262 and information of all profiles owned by the second mobile operator 262, and identify and determine a profile owner. When the second profile server 272 determines that the second mobile operator 262 is an owner of the third profile 256, the second profile server 272 may generate a remote management command for the third profile 256 and transmit the same to the UE 250. For example, the remote management command may be a command for enabling the third profile 256. According to some embodiments of the disclosure, operation 409 may use at least one of the “Initiate Authentication” message or the “Authenticate Client” message.

However, the UE 250 loses network connection in operation 405, such that the remote management command of the second profile server 272 may not be delivered to the UE 250 in operation 409. Thus, a mobile operator who is not a profile owner of a currently enabled profile in the UE 250 may have difficulty enabling a profile owned by the mobile operator through a remote management command.

FIG. 5 illustrates an example for describing a method of additionally defining and using profile owner information and profile sub-owner information in a profile, according to an embodiment of the disclosure.

Referring to FIG. 5, the first profile 252 and the second profile 254 owned by the first mobile operator 260, and the third profile 256 owned by the second mobile operator 262 may be installed in the UE 250. Unlike in the embodiments of the disclosure shown in FIGS. 2 through 4 where profile owner information is stored in each profile, FIG. 5 shows a case where profile sub-owner information is additionally described in each profile. A profile sub-owner may indicate at least one profile owner of a profile capable of implicitly disabling another profile. For example, the profile sub-owner of the first profile 252 is the second mobile operator 262, such that when the first profile 252 is in the enabled state, the second mobile operator 262 may enable the third profile 256 owned by the second mobile operator 262 through the remote management command and the first profile 252 may be implicitly disabled.

A profile sub-owner may be referred to as a delegated profile owner or a profile delegated owner, a secondary profile owner or a profile secondary owner, or an allowed profile owner or an authorized profile owner, etc. Additionally, a counter indicating the number of times the profile may be implicitly disabled by the profile sub-owner may be recorded together with profile sub-owner information. For example, the second profile 254 may indicate that the profile sub-owner is the second mobile operator 262 and the implicit disable is allowed up to three times. It should be noted that one or more profile sub-owners may be defined in each profile. When a profile owner is designated in plural, an implicit disable counter for each profile sub-owner may also be designated in plural. Moreover, while it is illustrated in FIG. 5 that profile sub-owner information is recorded in a profile, the profile sub-owner information may also be included in the remote management command. This will be described in detail when describing operation 609 of FIG. 6.

Operation 501 shows a procedure for determining whether the first profile 252 may be enabled by the remote management command when the third profile 256 is in the enabled state. In operation 501, the UE 250 may compare the profile owner of the third profile 256 with the profile owner of the first profile 252 to determine whether at least one profile owner of the third profile 256 is identical to at least one profile owner of the first profile 252. The profile owners of the two profiles are different from each other, such that the UE 250 may compare the profile sub-owner of the third profile 256 with the profile owner of the first profile 252 to determine whether at least one profile sub-owner of the third profile 256 is identical to at least one profile owner of the first profile 252. The profile sub-owner of the third profile 256 is not defined, such that eventually, the first profile 252 may be enabled by the remote management command when the third profile 256 is in the enabled state.

Operation 503 shows a procedure for determining whether the second profile 254 may be enabled by the remote management command when the third profile 256 is in the enabled state. In operation 503, the UE 250 may compare the profile owner of the third profile 256 with the profile owner of the second profile 254 to determine whether at least one profile owner of the third profile 256 is identical to at least one profile owner of the second profile 254. The profile owners of the two profiles are different from each other, such that the UE 250 may secondarily compare the profile sub-owner of the third profile 256 with the profile owner of the second profile 254 to determine whether at least one profile sub-owner of the third profile 256 is identical to at least one profile owner of the second profile 254. The profile sub-owner of the third profile 256 is not defined, such that eventually, the second profile 254 may be enabled by the remote management command when the third profile 256 is in the enabled state.

Operation 503 may assume a case where one profile may be in the enabled state in the UE. When two or more profiles in the UE may be in the enabled state, the profile owner or the profile sub-owner may be checked when a profile may not be enabled any longer in the UE. For example, when two profiles are in the enabled state and the first profile 252 is enabled in the UE 250, the UE 250, upon receiving the enable remote management command for the second profile 254, may immediately enable the second profile 254 without checking the profile owner or the profile sub-owner. In another example, when two profiles may be in the enabled state and the first profile 252 and the second profile 254 are enabled in the UE 250, the UE 250, upon receiving the enable remote management command for the third profile 256, may check the profile owners or the profile sub-owners of the first profile 252 and the third profile 256, and when it is not possible to enable the third profile 256, the UE 250 may check the profile owners or the profile sub-owners of the second profile 254 and the third profile 256. When it is still not possible to enable the third profile 256, the UE 250 may finally determine that it is not possible to enable the third profile 256 through the remote management command. As such, a case where one or more profiles may be in the enabled state in a UE will be described in detail with reference to FIG. 7B.

Operation 505 shows a procedure for determining whether the third profile 256 may be enabled by the remote management command when the first profile 252 is in the enabled state. In operation 505, the UE 250 may compare the profile owner of the first profile 252 with the profile owner of the third profile 256 to determine whether at least one profile owner of the first profile 252 is identical to at least one profile owner of the third profile 256. The profile owners of the two profiles are different from each other, such that the UE 250 may secondarily compare the profile sub-owner of the first profile 252 with the profile owner of the third profile 256 to determine whether at least one profile sub-owner of the first profile 252 is identical to at least one profile owner of the third profile 256. The profile sub-owner of the first profile 252 and the profile sub-owner of the third profile 256 correspond to the second mobile operator 262, such that when the first profile 252 is in the enabled state, the third profile 256 may be enabled by the remote management command and the first profile 252 may be implicitly disabled. The profile sub-owner of the first profile 252 has no limitation with respect to an implicit disable counter of the implicit disable, such that operation 505 may be repeated several times without any restriction.

Operation 507 shows a procedure for determining whether the third profile 256 may be enabled by the remote management command when the second profile 254 is in the enabled state. In operation 507, the UE 250 may compare the profile owner of the second profile 254 with the profile owner of the third profile 256 to determine whether at least one profile owner of the second profile 254 is identical to at least one profile owner of the third profile 256. The profile owners of the two profiles are different from each other, such that the UE 250 may secondarily compare the profile sub-owner of the second profile 254 with the profile owner of the third profile 256 to determine whether at least one profile sub-owner of the second profile 254 is identical to at least one profile owner of the third profile 256. The profile sub-owner of the second profile 254 and the profile sub-owner of the third profile 256 correspond to the second mobile operator 262, such that when the second profile 254 is in the enabled state, the third profile 256 may be enabled by the remote management command and the second profile 254 may be implicitly disabled. The profile sub-owner of the second profile 254 has a limitation with respect to an implicit disable counter of the implicit disable as three times, such that operation 507 is allowed up to three times. To this end, the UE 250 may decrement the implicit disable counter of the implicit disable of the second profile 254 each time operation 507 is performed, and after repetition of operation 507 three times, the UE 250 may prevent additional allowance by deleting profile sub-owner information of the second profile 254. Although a profile server is not shown in the drawing for convenience, the mobile operator may configure or update profile owner or profile sub-owner information of the first profile 252, the second profile 254, and the third profile 256 through one or more profile servers, and the profile owner information or the profile sub-owner information of each profile may be stored in one or more profile servers as well as in the profile.

FIG. 6 illustrates another example for describing a procedure in which the first and second mobile operators remotely manage the first profile or the third profile in the UE through the first and second profile servers when the first profile is in the enabled state in the UE, according to an embodiment of the disclosure.

Referring to FIG. 6, the first profile 252 owned by the first mobile operator 260, and the third profile 256 owned by the second mobile operator 262 may be installed in the UE 250. It is assumed that profile sub-owner information is stored in each profile. It is also assumed that the profile sub-owner of the first profile 252 is the second mobile operator 262, the implicit disable counter of the implicit disable does not exist, and there is no profile sub-owner of the third profile 256. Although it is illustrated in the drawing for convenience that the first profile server 270 and the second profile server 272 are different servers, the first profile server 270 and the second profile server 272 may also be implemented with one server. According to an embodiment of the disclosure, profile owner or profile sub-owner information of the first profile 252 and/or the second profile 254 may be stored in the profile server as well as in each profile.

In operation 601, the first mobile operator 260 may transmit a request for remote management of the first profile 252 owned by the first mobile operator 260 to the first profile server 270. For example, operation 601 may be an operation of requesting update of profile sub-owner information of profile summary information (Profile Metadata) of the first profile 252 currently in the enabled state in the UE 250. According to some embodiments of the disclosure, operation 601 may use the “RPM Order” message.

In operation 603, the first profile server 270 may determine whether the first mobile operator 260 is a profile owner of the first profile 252. To this end, the first profile server 270 may manage an OID of the first mobile operator 260 and information of all profiles owned by the first mobile operator 260, and identify and determine a profile owner of each profile. When the first profile server 270 determines that the first mobile operator 260 is an owner of the first profile 252, the first profile server 270 may generate a remote management command for the first profile 252 and transmit the same to the UE 250. For example, the remote management command may be a command for updating the profile summary information (Profile Metadata) of the first profile 252. According to some embodiments of the disclosure, operation 603 may use at least one of the “Initiate Authentication” message or the “Authenticate Client” message.

In operation 605, the UE 250 may update the profile summary information (Profile Metadata) of the first profile 252. The UE 250 may set the profile sub-owner of the first profile 252 to the second mobile operator 262. When the profile sub-owner has already been set in the first profile 252, operations 601 through 605 may be skipped.

In operation 607, the second mobile operator 262 may transmit a request for remote management of the third profile 256 owned by the second mobile operator 262 to the second profile server 272. For example, operation 607 may be an operation of requesting enabling of the third profile 256 currently in a disabled state in the UE 250. According to some embodiments of the disclosure, operation 607 may use the “RPM Order” message.

In operation 609, the second profile server 272 may determine whether the second mobile operator 262 is a profile owner of the third profile 256. The second profile server 272 may manage an OID of the second mobile operator 262 and information of all profiles owned by the second mobile operator 262, and determine and identify a profile owner. When the second profile server 272 determines that the second mobile operator 262 is an owner of the third profile 256, the second profile server 272 may generate a remote management command for the third profile 256 and transmit the same to the UE 250. For example, the remote management command may be a command for enabling the third profile 256. The remote management command may further include profile sub-owner information to be referred to by the UE 250 for enabling of the third profile 256. For example, the remote management command may be a command for enabling the third profile 256 and implicitly disabling the first profile 252 when the first mobile operator 260 is set as the profile owner of the first profile 252 currently in the enabled state in the UE 250. According to some embodiments of the disclosure, operation 609 may use at least one of the “Initiate Authentication” message or the “Authenticate Client” message.

In operation 611, the UE 250 may compare the profile owner of the first profile 252 with the profile owner of the third profile 256 to determine whether at least one profile owner of the first profile 252 is identical to at least one profile owner of the third profile 256. The profile owners of the two profiles are different from each other, such that the UE 250 may secondarily compare the profile sub-owner of the first profile 252 with the profile owner of the third profile 256 to determine whether at least one profile sub-owner of the first profile 252 is identical to at least one profile owner of the third profile 256. The profile sub-owner of the first profile 252 and the profile sub-owner of the third profile 256 correspond to the second mobile operator 262, such that when the first profile 252 is in the enabled state, the third profile 256 may be enabled by the remote management command and the first profile 252 may be implicitly disabled.

Referring to FIG. 6, when a profile is enabled by the remote management command as in operation 611, the UE may perform at least one of the following comparisons:

(A) comparing a profile owner of a target profile to be enabled by the remote management command and a profile sub-owner of a currently enabled profile to determine whether at least one profile owner of the target profile to be enabled is identical to at least one profile sub-owner of the currently enabled profile;

(B) comparing (verifying) a profile sub-owner of the target profile to be enabled by the remote management command with a profile owner of the currently enabled profile to determine whether at least one profile sub-owner of the target profile to be enabled is identical to at least one profile owner of the currently enabled profile; and

(C) comparing (verifying) the profile sub-owner of the target profile to be enabled by the remote management command with the profile sub-owner of the currently enabled profile to determine whether at least one profile sub-owner of the target profile to be enabled is identical to at least one profile sub-owner of the currently enabled profile.

This operation may also be referred to as profile sub-owner check. In the disclosure, the profile sub-owner check is mainly used to mean (A), but may further include (B) and (C). In the disclosure, the profile owner check may be integrated with and may be used as the same meaning as the profile sub-owner check.

FIG. 7A illustrates a procedure for comparing a profile owner of a target profile with a profile sub-owner of a currently enabled profile to determine whether at least one profile owner of the target profile is identical to at least one profile sub-owner of the currently enabled profile, when the UE receives the remote management command, according to an embodiment of the disclosure.

Referring to FIG. 7A, in operation 701, the UE 250 may start operating.

In operation 703, the UE 250 may receive the remote management command.

In operation 705, the UE 250 may determine a type of the received remote management command.

In operation 707, the UE 250 may determine whether profile owner check is needed for execution of the remote management command. When the profile owner check is not needed (e.g., when the remote management command is disabling, deletion, update, etc., of the profile or when the remote management command is intended to enable a particular profile in case of absence of a currently enabled profile as shown in FIG. 2), the UE 250 may perform operation 721. When the profile owner check is needed (e.g., in case of existence of the currently enabled profile as shown in FIGS. 3B and 4, when another profile is enabled), the UE 250 may perform operation 709.

In operation 709, the UE 250 may determine a profile owner. The UE 250 may compare the profile owner of the currently enabled profile with the profile owner of the target profile to be enabled by the remote management command to determine whether at least one profile owner of the currently enabled profile is identical to at least one profile owner of the target profile to be enabled. When at least one profile owner of the profile is identical to at least one profile owner of the other profile, the UE 250 may perform operation 721. When the profile owners of the two profiles are different from each other, the UE 250 may perform operation 711.

In operation 711, the UE 250 may perform profile sub-owner check. The UE 250 may compare the profile sub-owner of the currently enabled profile with the profile owner of the target profile to be enabled by the remote management command to determine whether at least one profile sub-owner of the currently enabled profile is identical to at least one profile owner of the target profile to be enabled. When the profile sub-owner of the currently enabled profile and the profile owner of the target profile to be enabled by the remote management command are different, the UE 250 may perform operation 723. When at least one profile sub-owner of the currently enabled profile and at least one profile owner of the target profile to be enabled by the remote management command are identical to each other, the UE 250 may perform operation 713.

Operations 709 and 711 are illustrated separately in FIG. 7A, but operations 709 and 711 may be performed as one operation.

In operation 713, the UE 250 may determine whether an implicit disable counter for the profile sub-owner of the currently enabled profile is set or exists. When there is no implicit disable counter, the UE 250 may perform operation 721. When there is an implicit disable counter, the UE 250 may perform operation 715.

In operation 715, the UE 250 may decrement the implicit disable counter of the currently enabled profile by 1.

In operation 717, the UE 250 may determine whether the implicit disable counter of the currently enabled profile is 0. When the implicit disable counter is greater than 0, the UE 250 may perform operation 721. When the implicit disable counter is equal to 0, the UE 250 may perform operation 719.

In operation 719, the UE 250 may delete the profile sub-owner of the currently enabled profile and the implicit disable counter of the currently enabled profile.

In operation 721, the UE 250 may execute the remote management command. When the remote management command is intended to disable, delete, or update the profile, the UE 250 may disable, delete, or update the corresponding target profile. In another example, when the remote management command is intended to enable a particular profile when there is no currently enabled profile, the UE 250 may enable the target profile. In another example, when the remote management command is intended to enable another profile when there is a currently enabled profile, the UE 250 may first disable the currently enabled profile and then enable the target profile. The UE 250 may generate a message indicating an execution success as a result of execution of the remote management command. The message indicating the execution success may use, for example, a load RPM package result message.

In operation 723, the UE 250 may reject the remote management command. The UE 250 may generate an error code expressing profile owner mismatch, profile sub-owner mismatch, or other various reasons why the remote management command may not be executed. According to some embodiments of the disclosure, the error code may be expressed as a character string or as a corresponding number string. The UE 250 may generate a message indicating an execution failure as the execution result of the remote management command, include the error code in the message, and apply a digital signature to the entire message or a part thereof when necessary. The message indicating the execution success may use, for example, a load RPM package result message.

In operation 725, the UE 250 may stop operating and wait for receiving a further remote management execution.

According to various embodiments of the disclosure, in the communication system, the UE may process the remote management command by using the profile owner and/or profile sub-owner information of the installed profiles, and change the mobile operator without a loss of network connection. According to various embodiments of the disclosure, in the communication system, the profile server may control the profile sub-owner information of the profiles installed in the UE to set the profile remote management execution authority and support mobile operator change of the UE.

FIG. 7B illustrates a procedure for comparing a profile owner of a target profile with a profile sub-owner of a currently enabled profile to determine whether at least one profile owner of the target profile is identical to at least one profile sub-owner of the currently enabled profile, when the UE is capable of enabling two or more profiles and receives a remote management command, according to an embodiment of the disclosure.

Referring to FIG. 7B, in operation 7001, the UE 250 may start operating.

In operation 7003, the UE 250 may receive the remote management command.

In operation 7005, the UE 250 may determine a type of the received remote management command.

In operation 7007, the UE 250 may determine whether profile owner check is needed for execution of the remote management command. When the profile owner check is not needed (e.g., when the remote management command, which is disabling, deletion, update, etc., of the profile, is intended to enable a particular profile in case of absence of a currently enabled profile as shown in FIG. 2, or when fewer profiles than a number of profiles that may be enabled by the UE (e.g., a maximum number or a set number of profiles that may be enabled by the UE) are currently enabled and thus an additional profile may be enabled, such that a particular profile is enabled), the UE 250 may perform operation 7025. When the profile owner check is needed (e.g., in case of existence of the currently enabled profile as shown in FIGS. 3B and 4, when another profile is enabled), the UE 250 may perform operation 7009.

In operation 7009, the UE 250 may select one of two or more currently enabled profiles. A priority for selecting, by the UE 250, one of two or more currently enabled profiles may be based on, but not limited to, the following schemes:

a profile owned by a profile owner of a target profile is preferentially selected (higher priority);

a profile owned by a profile sub-owner of the target profile is preferentially selected (higher priority);

a profile installed first is preferentially selected (higher priority);

a profile supporting the same radio access technology as that supported by the target profile is preferentially selected (higher priority);

a profile that has not yet been selected is preferentially selected (higher priority); and

a profile selected in random order.

In operation 7011, the UE 250 may determine a profile owner. More specifically, the UE 250 may compare the profile owner of the profile selected in operation 7009 among the currently enabled profiles with the profile owner of the target profile to be enabled by the remote management command to determine whether at least one profile owner of the selected profile is identical to at least one profile owner of the target profile to be enabled. When at least one profile owner of the profile is identical to at least one profile owner of the other profile, the UE 250 may perform operation 7025. When the profile owners of the two profiles are different from each other, the UE 250 may perform operation 7013.

In operation 7013, the UE 250 may perform profile sub-owner check. The UE 250 may compare the profile sub-owner of the profile selected in operation 7009 among the currently enabled profiles with the profile owner of the target profile to be enabled by the remote management command to determine whether at least one profile sub-owner of the selected profile is identical to at least one profile owner of the target profile. When the profile sub-owner of the currently enabled profile and the profile owner of the target profile to be enabled by the remote management command are different, the UE 250 may perform operation 7015. When at least one profile sub-owner of the currently enabled profile and at least one profile owner of the target profile to be enabled by the remote management command are identical to each other, the UE 250 may perform operation 7017.

According to an embodiment of the disclosure, operations 7011 and 7013 are illustrated separately in FIG. 7B, but operations 7011 and 7013 may be performed as one operation.

In operation 7015, the UE 250 may determine whether another profile may be selected from among the two or more currently enabled profiles in operation 7009. When the profile owners and the profile sub-owners of the two or more currently enabled profiles have already been compared with the profile owner of the target profile in operations 7011 and 7013, the UE 250 may perform operation 7027. When the profile owner and the profile sub-owner of any one of the two or more currently enabled profiles has not yet been compared with the profile owner of the target profile in operations 7011 and 7013, the UE 250 may perform operation 7009.

In operation 7017, the UE 250 may determine whether an implicit disable counter for the profile sub-owner of the profile selected in operation 7009 from among the currently enabled profiles is set or exists. When there is no implicit disable counter, the UE 250 may perform operation 7025. When there is an implicit disable counter, the UE 250 may perform operation 7019.

In operation 7019, the UE 250 may decrement the implicit disable counter of the profile selected in operation 7009 from among the currently enabled profiles by 1.

In operation 7021, the UE 250 may determine whether the implicit disable counter of the profile selected in operation 7009 from among the currently enabled profiles is 0. When the implicit disable counter is greater than 0, the UE 250 may perform operation 7025. When the implicit disable counter is equal to 0, the UE 250 may perform operation 7023.

In operation 7023, the UE 250 may delete the profile sub-owner and the implicit disable counter of the implicit disable of the profile selected in operation 7009 from among the currently enabled profiles.

In operation 7025, the UE 250 may execute the remote management command. For example, when the remote management command is intended to disable, delete, or update the profile, the UE 250 may disable, delete, or update the corresponding target profile. In another example, when the remote management command is intended to enable a particular profile when there is no currently enabled profile or one or more profiles may be additionally enabled in the UE 250 without disabling of another profile, the UE 250 may enable the target profile. In another example, when the remote management command is intended to enable another profile in case of existence of a currently enabled profile, the UE 250 may first disable the profile selected in operation 7009 from among the currently enabled profiles and then enable the target profile. The UE 250 may generate a message indicating an execution success as a result of execution of the remote management command. The message indicating the execution success may use, for example, a load RPM package result message.

In operation 7027, the UE 250 may reject the remote management command. The UE 250 may generate an error code expressing profile owner mismatch, profile sub-owner mismatch, or other various reasons why the remote management command may not be executed. According to some embodiments of the disclosure, the error code may be expressed as a character string or as a corresponding number string. The UE 250 may generate a message indicating an execution failure as the execution result of the remote management command, include the error code in the message, and apply a digital signature to the entire message or a part thereof when necessary. The message indicating the execution success may use, for example, a load RPM package result message.

In operation 7029, the UE 250 may stop operating and wait for receiving a further remote management execution.

According to various embodiments of the disclosure, in the communication system, the UE capable of enabling two or more profiles may process the remote management command with a plurality of profiles by using the profile owner and/or profile sub-owner information of the installed profiles, and change the mobile operator without a loss of network connection. According to various embodiments of the disclosure, in the communication system, the profile server may control the profile sub-owner information of the profiles installed in the UE to set the profile remote management execution authority and support mobile operator change of the UE.
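The authorization flow of FIG. 7A and FIG. 7B for an "enable" command (operations 707 to 723 and 7007 to 7027) can be modelled as follows. This is an added Python sketch, not code from the disclosure; the class and function names, the `"MNO1"`/`"MNO2"` OID strings, the error string, the sample profiles and the candidate ordering (shared owner first, then installation order) are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

OWNER_MISMATCH = "profileOwnerMismatch"  # constructed error string, not a standardized code

@dataclass
class Profile:
    name: str
    owners: frozenset                                  # OID(s) of the profile owner(s)
    sub_owners: set = field(default_factory=set)       # OID(s) of the profile sub-owner(s)
    implicit_disable_counter: Optional[int] = None     # None: no counter, unlimited
    enabled: bool = False

class UE:
    def __init__(self, profiles, max_enabled=1):
        self.profiles = {p.name: p for p in profiles}  # dict keeps installation order
        self.max_enabled = max_enabled                 # 1 models FIG. 7A, >1 models FIG. 7B

    def enabled_names(self):
        return [p.name for p in self.profiles.values() if p.enabled]

    def remote_enable(self, target_name):
        """Process an 'enable' remote management command; return (ok, detail)."""
        target = self.profiles[target_name]
        if target.enabled:                             # guard not covered by the page (assumption)
            return True, "already enabled"
        current = [p for p in self.profiles.values() if p.enabled]
        # 707 / 7007: a free slot means no owner check is needed.
        if len(current) < self.max_enabled:
            target.enabled = True
            return True, "enabled without owner check"
        # 7009: one of the listed priority schemes, chosen here as an assumption:
        # profiles sharing an owner with the target first, then installation order
        # (the sort is stable, so ties keep dict order).
        current.sort(key=lambda p: not (p.owners & target.owners))
        for cand in current:                           # 7015: try each enabled profile once
            if cand.owners & target.owners:            # 709 / 7011: profile owner check
                return self._swap(cand, target, "owner match")
            if cand.sub_owners & target.owners:        # 711 / 7013: comparison (A)
                self._spend_implicit_disable(cand)
                return self._swap(cand, target, "sub-owner match")
        return False, OWNER_MISMATCH                   # 723 / 7027: fail closed

    @staticmethod
    def _spend_implicit_disable(cand):
        if cand.implicit_disable_counter is None:      # 713 / 7017: no counter set
            return
        cand.implicit_disable_counter -= 1             # 715 / 7019
        # 717-719 / 7021-7023: the page tests for == 0; <= 0 is a defensive
        # assumption so a counter provisioned as 0 cannot grant unlimited use.
        if cand.implicit_disable_counter <= 0:
            cand.sub_owners.clear()
            cand.implicit_disable_counter = None

    @staticmethod
    def _swap(cand, target, why):
        cand.enabled = False                           # implicit disable of the enabled profile
        target.enabled = True                          # 721 / 7025
        return True, f"{cand.name} implicitly disabled ({why})"

def sample_profiles():
    """Constructed profiles; P2's owner is an assumption, the rest follows the page's roles."""
    return (
        Profile("P1", frozenset({"MNO1"}), {"MNO2"}),                              # no counter
        Profile("P2", frozenset({"MNO1"}), {"MNO2"}, implicit_disable_counter=3),  # three uses
        Profile("P3", frozenset({"MNO2"})),                                        # no sub-owner
    )

if __name__ == "__main__":
    p1, p2, p3 = sample_profiles()
    ue = UE([p1, p2, p3])
    p2.enabled = True
    print(ue.remote_enable("P3"), "counter left:", p2.implicit_disable_counter)
```

With `max_enabled=1` the loop runs once and reduces to FIG. 7A; the counter is consumed only on the sub-owner path, so an owner match never spends a delegated use.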

FIG. 8 is a block diagram of the UE according to an embodiment of the disclosure.

Referring to FIG. 8, the UE 250 may include a transceiver 810 and at least one processor 820. The UE 250 may also include a UICC 830. For example, the UICC 830 may be inserted into the UE 250 or may be an eUICC embedded in the UE 250. The at least one processor 820 may also be called a controller.

However, the configuration of the UE 250 is not limited to FIG. 8, and may include more or fewer components than those illustrated in FIG. 8. According to some embodiments of the disclosure, the transceiver 810, the at least one processor 820, and a memory (not shown) may be implemented in the form of one chip. When the UICC 830 is embedded, the UICC 830 may also be implemented in the chip together with the transceiver 810, the at least one processor 820, and the memory. According to some embodiments of the disclosure, the transceiver 810 may transmit and receive a signal, information, data, etc., according to various embodiments of the disclosure to and from the profile server. The transceiver 810 may include an RF transmitter that up-converts and amplifies a frequency of a transmission signal and an RF receiver that low-noise-amplifies a received signal and down-converts a frequency. However, this is merely an example of the transceiver 810, components of which are not limited to the RF transmitter and the RF receiver. The transceiver 810 may receive a signal through a radio channel and output the received signal to the at least one processor 820, and transmit a signal output from the at least one processor 820 through the radio channel.

According to some embodiments of the disclosure, the transceiver 810 may receive a message at least including a remote management command from the profile server. The transceiver 810 may respond with an execution result of the remote management command to the profile server.

Meanwhile, the at least one processor 820 may be a component for controlling the UE overall. The processor 820 may control overall operations of the UE according to various embodiments of the disclosure described above.

According to some embodiments of the disclosure, the processor 820 may recognize a type of the received remote management command, determine whether there is a currently enabled profile, determine whether profile owner check is needed, compare profile owners or profile sub-owners of a currently enabled profile and a target profile to be enabled by the remote management command to determine whether at least one profile owner or at least one profile sub-owner of the currently enabled profile and of the target profile to be enabled are identical to each other, adjust a counter of implicit disable of the currently enabled profile, and generate a remote management command execution result message (Load RPM Package Result).

In addition, according to some embodiments of the disclosure, the at least one processor 820 may control the transceiver 810 to receive the remote management command from the profile server, process the remote management command, and transmit the remote management command execution message to the profile server.

The UICC 830 according to various embodiments of the disclosure may download a profile and install the profile. The UICC 830 may manage the profile.

According to some embodiments of the disclosure, the UICC 830 may operate under control of the processor 820. The UICC 830 may include a processor or controller for installing the profile, or an application may be installed in the UICC 830. The entire application or a part thereof may be installed in the processor 820.

The UE may further include a memory (not shown) in which data such as a basic program, an application program, configuration information, etc., for operations of the UE are stored. The memory may include at least one storage medium among a flash memory-type storage medium, a hard disk-type storage medium, a multimedia card micro-type storage medium, a card-type memory (e.g., an SD or XS memory), a magnetic memory, a magnetic disk, an optical disk, a random access memory (RAM), a static random access memory (SRAM), a read-only memory (ROM), a programmable read-only memory (PROM), or an electrically erasable programmable read-only memory (EEPROM). The processor 820 may perform various operations using various programs, contents, data, etc., stored in the memory.

FIG. 9 is a block diagram of a profile server according to an embodiment of the disclosure.

Referring to FIG. 9, the profile server may include a transceiver 910 and at least one processor 920. However, the configuration of the profile server is not limited to FIG. 9, and may include more or fewer components than those illustrated in FIG. 9. According to some embodiments of the disclosure, the transceiver 910, the at least one processor 920, and a memory (not shown) may be implemented in the form of one chip.

According to some embodiments of the disclosure, the transceiver 910 may transmit and receive a signal, information, data, etc., according to various embodiments of the disclosure to and from a UE or a mobile operator. For example, the transceiver 910 may receive a remote management request from a mobile operator, transmit a remote management command to the UE, and receive a remote management command execution result from the UE.

The transceiver 910 may include an RF transmitter that up-converts and amplifies a frequency of a transmission signal and an RF receiver that low-noise-amplifies a received signal and down-converts a frequency. However, this is merely an example of the transceiver 910, components of which are not limited to the RF transmitter and the RF receiver. The transceiver 910 may receive a signal through a radio channel and output the received signal to the at least one processor 920, and transmit a signal output from the at least one processor 920 through the radio channel.

Meanwhile, the at least one processor 920 may be a component for controlling the profile server overall. The processor 920 may control overall operations of the profile server according to various embodiments of the disclosure described above. The at least one processor 920 may also be called a controller.

The processor 920 may receive the remote management request from the mobile operator, determine whether the mobile operator is a proper profile owner, generate the remote management command, transmit the remote management command to the UE, and receive the remote management command execution result from the UE.

An operator server may further include a memory (not shown) in which data such as a basic program, an application program, configuration information, etc., for operations of the operator server are stored. The memory may include at least one storage medium among a flash memory-type storage medium, a hard disk-type storage medium, a multimedia card micro-type storage medium, a card-type memory (e.g., an SD or XS memory), a magnetic memory, a magnetic disk, an optical disk, a random access memory (RAM), a static random access memory (SRAM), a read-only memory (ROM), a programmable read-only memory (PROM), or an electrically erasable programmable read-only memory (EEPROM). The processor 920 may perform various operations using various programs, contents, data, etc., stored in the memory.

According to disclosed embodiments of the disclosure, a service may be effectively provided in a mobile communication system.

In the above-described detailed embodiments of the disclosure, components included in the disclosure have been expressed as singular or plural according to the provided detailed embodiments of the disclosure. However, singular or plural expressions have been selected properly for a condition provided for convenience of a description, and the disclosure is not limited to singular or plural components and components expressed as plural may be configured as a single component or a component expressed as singular may also be configured as plural components.

While embodiments of the disclosure have been described, various changes may be made without departing from the scope of the disclosure. Therefore, the scope of the disclosure should be defined by the appended claims and equivalents thereof, rather than by the described embodiments of the disclosure.

It should be appreciated that various embodiments of the disclosure and the terms used therein are not intended to limit the technological features set forth herein to particular embodiments of the disclosure and include various changes, equivalents, or replacements for a corresponding embodiment of the disclosure. With regard to the description of the drawings, similar reference numerals may be used to refer to similar or related elements. It is to be understood that a singular form of a noun corresponding to an item may include one or more of the things, unless the relevant context clearly indicates otherwise. In the disclosure, each of such phrases as “A or B,” “at least one of A and B,” “at least one of A or B,” “A, B, or C,” “at least one of A, B, and C,” and “at least one of A, B, or C,” may include all possible combinations of the items enumerated together in a corresponding one of the phrases. Expressions such as “first,” “second,” “primarily,” or “secondary,” used herein may represent various elements regardless of order and/or importance and do not limit corresponding elements. When it is described that an element (such as a first element) is “operatively or communicatively coupled with/to” or “connected” to another element (such as a second element), the element can be directly connected to the other element or can be connected to the other element through another element (e.g., a third element).

The term “module” used herein may mean, for example, a unit including one of or a combination of two or more of hardware, software, and firmware, and may be used interchangeably with terms such as logic, a logic block, a part, or a circuit. The module may be a single integral component, or a minimum unit or part thereof, adapted to perform one or more functions. For example, the module may be implemented as an application-specific integrated circuit (ASIC).

Various embodiments of the disclosure as set forth herein may be implemented as software (e.g., a program) including one or more instructions that are stored in a storage medium (e.g., an internal memory or an external memory) that is readable by a machine (e.g., a computer). The machine may invoke stored instructions from the storage medium and operate according to the invoked instructions, and may include an electronic device (e.g., the UE 250) according to various embodiments of the disclosure. When the instructions are executed by a processor (for example, the processor 820 of FIG. 8 or the processor 920 of FIG. 9), the processor may perform functions corresponding to the instructions. The one or more instructions may include a code generated by a compiler or a code executable by an interpreter.

The machine-readable storage medium may be provided in the form of a non-transitory storage medium. Here, the term “non-transitory” simply means that the storage medium is a tangible device, and does not include a signal (e.g., an electromagnetic wave), but this term does not differentiate between where data is semi-permanently stored in the storage medium and where the data is temporarily stored in the storage medium.

A method according to various embodiments of the disclosure may be included and provided in a computer program product. The computer program product may be traded as a product between a seller and a buyer. The computer program product may be distributed in the form of a machine-readable storage medium (e.g., compact disc read only memory (CD-ROM)), or be distributed (e.g., downloaded or uploaded) online via an application store (e.g., Play Store™), or between two user devices (e.g., smart phones) directly. When distributed online, at least part of the computer program product may be temporarily generated or at least temporarily stored in the machine-readable storage medium, such as memory of the manufacturer's server, a server of the application store, or a relay server.

While the disclosure has been shown and described with reference to various embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the disclosure as defined by the appended claims and their equivalents.

What is claimed is:
 1. A method, performed by a user equipment (UE), of controlling a profile, the method comprising: receiving a remote profile management command regarding a target profile from a profile server; determining whether an enabled profile exists; verifying whether profile owner information of the target profile corresponds to profile owner information or sub-owner information of the enabled profile, based on a result of the determination; and selectively executing the remote profile management command based on a result of the verification.
 2. The method of claim 1, wherein the sub-owner information comprises information of a profile owner capable of implicitly disabling the enabled profile.
 3. The method of claim 2, wherein when the sub-owner information corresponding to the enabled profile does not exist and the profile owner information of the enabled profile and the profile owner information of the target profile are different from each other, the enabled profile is not capable of being disabled implicitly.
 4. The method of claim 1, wherein the selectively executing of the remote profile management command based on the result of the verification comprises disabling the enabled profile when the profile owner information of the target profile corresponds to the profile owner information or the sub-owner information of the enabled profile.
 5. The method of claim 4, wherein the disabling of the enabled profile comprises immediately disabling the enabled profile or marking the enabled profile as to be disabled to disable the enabled profile after performing a predetermined operation.
 6. The method of claim 4, further comprising enabling the target profile.
 7. The method of claim 6, wherein the enabling of the target profile comprises immediately enabling the target profile or marking the target profile as to be enabled to enable the target profile after performing a predetermined operation.
 8. The method of claim 5, wherein the operation comprises a refresh operation or a reset operation.
 9. The method of claim 1, wherein the selectively executing of the remote profile management command based on the result of the verification comprises rejecting the remote profile management command when the profile owner information of the target profile does not correspond to the profile owner information or the sub-owner information of the enabled profile.
 10. The method of claim 9, further comprising generating an error code indicating profile owner information mismatch.
 11. A user equipment (UE) for controlling a profile, the UE comprising: a transceiver; and at least one processor coupled with the transceiver and configured to: receive a remote profile management command regarding a target profile from a profile server; determine whether an enabled profile exists; verify whether profile owner information of the target profile corresponds to profile owner information or sub-owner information of the enabled profile, based on a result of the determination; and selectively execute the remote profile management command based on a result of the verification.
 12. The UE of claim 11, wherein the sub-owner information comprises information of a profile owner capable of implicitly disabling the enabled profile.
 13. The UE of claim 12, wherein when the sub-owner information corresponding to the enabled profile does not exist and the profile owner information of the enabled profile and the profile owner information of the target profile are different from each other, the enabled profile is not capable of being disabled implicitly.
 14. The UE of claim 11, wherein the at least one processor is further configured to disable the enabled profile when profile owner information of the target profile corresponds to the profile owner information or the sub-owner information of the enabled profile.
 15. The UE of claim 14, wherein the at least one processor is further configured to immediately disable the enabled profile or mark the enabled profile as to be disabled to disable the enabled profile after performing an operation.
 16. The UE of claim 14, wherein the at least one processor is further configured to enable the target profile.
 17. The UE of claim 16, wherein the at least one processor is further configured to immediately enable the target profile or mark the target profile as to be enabled to enable the target profile after performing a predetermined operation.
 18. The UE of claim 15, wherein the operation comprises a refresh operation or a reset operation.
 19. The UE of claim 11, wherein the at least one processor is further configured to reject the remote profile management command when the profile owner information of the target profile does not correspond to the profile owner information or the sub-owner information of the enabled profile.
 20. The UE of claim 19, wherein the at least one processor is further configured to generate an error code indicating profile owner information mismatch.
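
The authorization decision recited in claims 1 to 10, modelled as an added example (not code from the patent or from any eUICC implementation). The class and field names, the error-code string, the restriction to an enable command, and the rule that no check is needed when no profile is enabled are assumptions made for illustration; the sample profiles are constructed.

```python
from dataclasses import dataclass
from typing import Optional

OK = "ok"
OWNER_MISMATCH = "profileOwnerMismatch"  # hypothetical name for the claim 10 error code

@dataclass
class Profile:
    iccid: str
    owner: str                            # profile owner information
    sub_owners: frozenset = frozenset()   # owners allowed to implicitly disable this profile
    enabled: bool = False
    pending: Optional[bool] = None        # state to apply at the next refresh/reset

def owner_authorized(target: Profile, current: Profile) -> bool:
    # Claim 1 check. With no sub-owner and a different owner this is False (claim 3).
    return target.owner == current.owner or target.owner in current.sub_owners

class Euicc:
    def __init__(self, profiles):
        self.profiles = {p.iccid: p for p in profiles}

    def enabled_profile(self) -> Optional[Profile]:
        return next((p for p in self.profiles.values() if p.enabled), None)

    def enable(self, target_iccid: str, immediate: bool = True) -> str:
        target = self.profiles[target_iccid]
        current = self.enabled_profile()
        # Assumption: with no enabled profile there is nothing to verify against.
        if current is not None and current is not target:
            if not owner_authorized(target, current):
                return OWNER_MISMATCH     # reject, state untouched (claims 9, 10)
            current.pending = False       # mark to be disabled (claims 4, 5)
        target.pending = True             # mark to be enabled (claims 6, 7)
        if immediate:
            self.refresh()
        return OK

    def refresh(self) -> None:
        # Apply marked state changes, as after a refresh or reset (claim 8).
        for p in self.profiles.values():
            if p.pending is not None:
                p.enabled, p.pending = p.pending, None

def sample_euicc() -> Euicc:
    # Constructed sample data: operator A delegates implicit disable to operator B only.
    return Euicc([
        Profile("iccid-A", "operator-A", frozenset({"operator-B"}), enabled=True),
        Profile("iccid-B", "operator-B"),
        Profile("iccid-C", "operator-C"),
    ])
```

The delegation is one-way: operator B can displace operator A's profile, but once B's profile is enabled, A cannot displace it unless B's profile lists A as a sub-owner.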